Analysis Overview
SHA256
ca0ca21d2dae0588f4ab2a83e1c68f49eed195fd88d61ec2be2d7445a9095d22
Threat Level: Known bad
The file GeoIP.dat.exe was found to be: Known bad.
Malicious Activity Summary
Darkcomet family
Darkcomet
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-10 16:03
Signatures
Darkcomet family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-10 16:03
Reported
2024-08-10 16:06
Platform
win10-20240611-en
Max time kernel
146s
Max time network
136s
Command Line
Signatures
Darkcomet
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\GeoIP.dat.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GeoIP.dat.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\GeoIP.dat.exe
"C:\Users\Admin\AppData\Local\Temp\GeoIP.dat.exe"
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:1604 | N/A | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
Files